Cerberus

After 3 x 18 hour days we had just got it sorted to about 95% when... you guessed, we got attacked again. This time people were online everywhere, so sat and watched and were able to pinpoint how they were getting in. However it will now take another day or two to set it right again. Sorry guys.

Ok we are working on fixing the site, we believe it was a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls. I just love these holier-than-thou pricks.

D'Impaler

Ok we are working on fixing the site, we believe it was a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls. I just love these holier-than-thou pricks.

I don't know if this is of any use to you but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

Cerberus

I don't know if this is of any use to you but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

Thank you, we will add that to the other options we are looking at.

I THINK THE TERM IS CUNTS!!!

No mate, as you come from where I do (approx ;-) ) and know the Anglo Saxon usage means it's something we are always lusting after. They are more like a HIV virus, every time you get a handle on the bloody little buggers they evolve elsewhere.

jasonbalmer

After 3 x 18 hour days we had just got it sorted to about 95% when... you guessed, we got attacked again. This time people were online everywhere, so sat and watched and were able to pinpoint how they were getting in. However it will now take another day or two to set it right again. Sorry guys.

I presume you got some IP addresses too.

Were they in-country, or will the imps have to travel to deliver justice?

s77656769

I don't know if this is of any use to you but I have some Linux hosts which used to get attacked all the time until I installed 'denyhosts', which completely blocks specific IP addresses it spots trying to hack in (failed ssh attempts etc.)

If you are using ssh then you should turn off passwords entirely and just use keys. Then they can guess passwords to their heart's content, and it will always fail.

Totally depends on the hacker. A professional group will target companies worth money to steal the data, usually financial data be it credit card numbers or other accounts. These are pros and this is how they make a living. They aren't flashy, they aren't out to scream to the world LOOK AT ME. This isn't an insult to the Devil's Den but they aren't getting hit by pros.

Your next group, the one that tends to deface websites, is what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation. They may get paid a small amount of money by someone to do it but mostly it's just bragging rights to their friends and to build community credit that they hacked a site.

I think the owner of the Devil's Den said it earlier, if someone wants in you aren't stopping them. Unless you are monitoring your site 24/7, reviewing the log files, and are willing to take extreme measures you just can't stop a determined hacker.

pattaya bound

Totally depends on the hacker. A professional group will target companies worth money to steal the data, usually financial data be it credit card numbers or other accounts. These are pros and this is how they make a living. They aren't flashy, they aren't out to scream to the world LOOK AT ME. This isn't an insult to the Devil's Den but they aren't getting hit by pros.

Your next group, the one that tends to deface websites, is what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation. They may get paid a small amount of money by someone to do it but mostly it's just bragging rights to their friends and to build community credit that they hacked a site.

I think the owner of the Devil's Den said it earlier, if someone wants in you aren't stopping them. Unless you are monitoring your site 24/7, reviewing the log files, and are willing to take extreme measures you just can't stop a determined hacker.

Spanky, you must be bored at work... leave the poor Devil's Den alone and go back to the LB section...

Cerberus

Spanky, you must be bored at work... leave the poor Devil's Den alone and go back to the LB section...

No, he's right, we now believe it to be:

a group of anti-porn religious hackers that have carried out both assaults. May their god bless them, as he probably needs the souls. I just love these holier-than-thou pricks.

as Spanky said:

Your next group, the one that tends to deface websites, is what we call Script Kiddies. They use well known exploits and scripts and just hammer on a server until they get access. It's damn near impossible to secure a server against every attack as new ones are discovered constantly. These groups like to deface sites and tag it with their name or group affiliation

If you are using ssh then you should turn off passwords entirely and just use keys. Then they can guess passwords to their heart's content, and it will always fail.

Yeah, but denyhosts works for all sorts of attacks. It's amazing to see on Linux how these lowlifes are attempting to gain access to your box: when you have a look at the root file /var/log/auth.log you can see them trying a whole range of TCP ports with guessed user names and passwords for common setups like mysql, samba, ssh etc. Scumbags... it is so tempting to have a go at attacking the IP addresses doing this!
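The denyhosts-style check described in the post above, as an added example that is not part of the original thread and not the DenyHosts project's own code: it counts failed SSH password attempts per source address in auth.log lines and emits hosts.deny entries. The sample log lines, the threshold of 3 and the allowlist are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the usual OpenSSH auth.log format; the addresses are
# documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Mar  3 02:11:07 web1 sshd[4121]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Mar  3 02:11:09 web1 sshd[4123]: Failed password for root from 203.0.113.45 port 51240 ssh2
Mar  3 02:11:12 web1 sshd[4125]: Failed password for invalid user mysql from 203.0.113.45 port 51251 ssh2
Mar  3 02:11:15 web1 sshd[4127]: Failed password for invalid user samba from 203.0.113.45 port 51260 ssh2
Mar  3 02:14:40 web1 sshd[4150]: Failed password for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 02:14:52 web1 sshd[4150]: Accepted password for deploy from 198.51.100.7 port 40022 ssh2
Mar  3 02:20:01 web1 sshd[4170]: Failed password for root from 192.0.2.10 port 60001 ssh2
Mar  3 02:20:03 web1 sshd[4172]: Failed password for root from 192.0.2.10 port 60007 ssh2
Mar  3 02:20:05 web1 sshd[4174]: Failed password for root from 192.0.2.10 port 60011 ssh2
"""

# Anchored to the end of the line with a greedy username, so text inside a
# username can never be mistaken for the real source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def failed_logins(log_text):
    """Map each source IP to the list of usernames it failed to log in as."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)

def hosts_deny_entries(log_text, threshold=3, allow=frozenset()):
    """hosts.deny lines for IPs at or over the threshold, minus the allowlist."""
    return [
        f"sshd: {ip}"
        for ip, users in sorted(failed_logins(log_text).items())
        if len(users) >= threshold and ip not in allow
    ]

if __name__ == "__main__":
    for ip, users in failed_logins(SAMPLE_LOG).items():
        print(ip, len(users), sorted(set(users)))
    # An admin's own address (assumed here) goes on the allowlist.
    print("\n".join(hosts_deny_entries(SAMPLE_LOG, allow={"192.0.2.10"})))
```

hosts.deny entries only take effect when sshd is built with TCP wrappers support; otherwise the same list has to be fed to a firewall rule instead.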

Spanky99

Spanky, you must be bored at work... leave the poor Devil's Den alone and go back to the LB section...

Do I need to post more compromising pictures of you and your Canadian tanning habits? Do remember that I arrive BEFORE you and that I KNOW where you are STAYING! He/She will be taller than you, have large hands, a deep voice, and will demand that he/she "smoke you good" while humming "Happy Birthday Pattaya Bound", I would have him/her sing but her mouth will be full.

Yeah, but denyhosts works for all sorts of attacks. It's amazing to see on Linux how these lowlifes are attempting to gain access to your box: when you have a look at the root file /var/log/auth.log you can see them trying a whole range of TCP ports with guessed user names and passwords for common setups like mysql, samba, ssh etc. Scumbags... it is so tempting to have a go at attacking the IP addresses doing this!

Most scripts don't even bother with brute force password cracks. They will try the very common defaults, but for the most part they shoot for unpatched applications and protocol vulnerabilities to gain access. It's faster and easier than running through a dictionary for a password. As for denyhosts, easily bypassed. A good hacker will never use their own IP address and instead shoot through a proxy, usually another compromised machine. You would have to trace back to that machine then start tracing the packets, again back from there. A good hacker will have about 4 layers between them and their target. Your average script kiddie just hits a compromised machine in China and launches what they want from there. More so, if you got enough zombies under your control you can overrun most defenses just by flooding the server with so many requests it can't keep up and either crashes or lets you through. Again, if they want in, you aren't going to stop them. This group apparently wants in bad enough that they will find a way to do it no matter what precautions you take.

George111

Yes, they will probably have several backups dating back, however the exploit has to be found and patched.

Well the most likely culprit would be the booking php, it's the only form I see on there. Maybe the input fields are not validated first so someone could get a script to run that way. Other than that, maybe extra services running on the server that are not really needed and not secured down.

Cerberus

For information, our site was on a dedicated server and not one on a server farm either. Yes, we did keep back-ups and had them on another server, they got to that as well. It would seem it was not a single hacker but a Pack (what do you call a group of these idiots). No, our passwords were complex to say the least.

Spanky99, you a hacker? You are on the button in most things you have said. The real damage was done the first time, the second just allowed us to see how they were gaining access. We are playing catch up and being across 3 time zones is hindering us a little.

Spanky99

Spanky99, you a hacker? You are on the button in most things you have said. The real damage was done the first time, the second just allowed us to see how they were gaining access. We are playing catch up and being across 3 time zones is hindering us a little.

Nah! I do IT for a living which means I don't get my jollies hacking others' sites. After spending a day dealing with other people's computer crap, last thing I want to do is spend time hacking. I mean, porn don't surf itself and I need to relax after a hard day at work.

biteneat

I guess it's being sorted now, the current lineup is back in the website. I was shocked to see around 5 of the girls missing (I had taken Gik overnight only a week ago and when I get back home, she was missing in the website). Hope the entire issue gets sorted soon.

Cerberus

Guys we are 95% there, we have to update the pictures in the profiles and do a run search for any glitches. Then wait to hear from yourselves if you see anything we have missed.

To those patrons that persevered with making bookings throughout this period, As usual, I also have to thank the team that work alongside me for all the extra hours and effort everybody has put in to this recovery. Blessings seem to come in many sizes and mine run the spectrum from 45 to 130 kilos.